High-tech gadgets may not be enough to fight the onslaught of security threats faced by Canadian organizations – given a choice, more security executives would rather have Gandalf run their IT departments than Jack Bauer.

A survey by The Strategic Counsel found that 29 per cent of IT executives would take the magic of the Lord of the Ring’s Gandalf over the all-that-money-can-buy gadgetry at Jack of 24’s disposal. This may not be surprising, given that the survey also found that 82 per cent of the 240 organizations surveyed faced some kind of attack last year, up from 67 per cent in 2003. The study also found that one in three organizations suffered an internal attack of some sort — an alarming rise from 2003 in which only five per cent of organizations reported experiencing an internal breach.

“There was quite a significant increase across many of the attack categories,” said Warren Shiau, lead analyst of IT research for the Strategic Counsel.

Both users and vendors will say this is because there is more surface area to attack today, Shiau said. Given the proliferation of PCs, mobile and handheld devices, the ubiquity of the Internet and the online presence of most companies, there are more entry points for would-be hackers, he said.

Small difference The survey also indicated that there was a difference — though a small one — between the number of attacks experienced by those that felt they had spent enough on security and those who felt they didn’t. For example, 35 per cent of those who felt their security spending was too low suffered a network attack, compared with 30 per cent of those who felt their security spending was adequate.

“It’s not that dramatically different, but it is greater than the margin of error for that survey,” Shiau said. It shows that those who spend less on security tend to suffer a greater number of attacks, he said.

Companies are spending too much money to manage security manually, said Joanne Moretti, general manager of Computer Associates Canada, which commissioned the study. Companies that have been spending money on point-based security solutions are looking to spend money on holistic solutions, she said.

“What I’ve seen consistently is there’s always been this lingering, ‘I’ve got to get something done about security.’ But now we’re seeing dollars hit budget,” she said.